PHP Mailer allow only local delivery

directory92

Member
Dec 30, 2015
7
2
3
Lahore, Pakistan
cPanel Access Level
Root Administrator
Hello,
Is there any way to allow PHP mail only send emails to local email addresses,

For Example:
Lets say we have a contact form on a website "example.com" and its coded to sent email to [email protected] if someone fills that form on website it should work, But if its coded to sent emails to [email protected].net or [email protected].org or any external domain it should not work.

Reason:
I don't want to turn off PHP mail function on server but as I have 900+ websites hosted on a server if a single WordPress website gets hacked it starts sending SPAM and gets main IP blacklisted.
 
Last edited by a moderator:

GOT

Get Proactive!
PartnerNOC
Apr 8, 2003
1,739
301
363
Chesapeake, VA
cPanel Access Level
DataCenter Provider
Afraid this is not possible. When a php script connects to localhost to send email (which is what the php mail() function does) it does not care or really even know what domain is actually calling it.

That said there are lots of ways to protect your server. Keeping wordpress updated is obviously key but if you cannot do that or your users are unwilling to do so, then you could check out patchman.co which helps a lot with this kind of thing.

You can also use a server side waf like mod_security to help. The comodo free rule set is pretty good.

You can also sign up for an outbound mail filtering system like that provided by mailchannels.com.

Lastly there are server side malware scanners like immunify360 AV and cpMalScan.
 
  • Like
Reactions: cPSamuelM and cPRex

directory92

Member
Dec 30, 2015
7
2
3
Lahore, Pakistan
cPanel Access Level
Root Administrator
@GOT
Thank you so much for reply, Can you tell me any solutions as many WordPress users use nulled themes and once developed it starts sending SPAM or malware or phishing contents. Any FREE solution for that to manage 1000+ websites.
 

cPSamuelM

Technical Analyst Team Lead
Staff member
Nov 20, 2019
196
37
103
USA
cPanel Access Level
Root Administrator
Hello @directory92,

While it's possible there are free solutions for combating Wordpress malware, I don't know of any personally. I would certainly recommend you configure ClamAV to scan the home directories of accounts with Wordpress sites, as that is a free antivirus solution that is included with cPanel:


As GOT mentioned, imunify360 is another non-free option you could investigate if you want to take a more proactive approach.

If you already know that users' use of the illegitimate Wordpress themes is causing the problem, I would also suggest that you discourage your users from engaging in this practice.